From: Andy Stewart <andystewart(a)comcast.net>
In my town, I've noticed that other town employees with
whom I send email are unable to send return email to me.
This started happening about a month ago. My ISP is
I am just going to type something crazy off the top
of my head and go to sleep. Take two and call me in
This description was sent to me by a town employee:
o In an attempt to limit the amount of SPAM on the Comcast
Internet system, Comcast does not allow external email
servers to send mail to Comcast email accounts where the
sending email server's MX records do not match.
o Because the TOWN mail server is behind our firewall
our incoming mail IP address is different from our sending
mail IP address. In other words our MX records do not match
consequently Comcast blocks our mail from being sent to
Comcast email addresses.
Your town employees are impressively well informed.
- - What is an MX record?
A Mail eXchange record is given by a DNS server when you ask for it.
You did not say the domain you are sending to, but you can see
mx records thus:
C:> $ dig comcast.net
. 900 IN MX 5 gateway-r.comcast.net
. 900 IN MX 5 gateway-s.comcast.net
There you see the name of two servers that will (aledgedly) accept
mail for goodguy(a)comcast.net.
. 900 IN A 184.108.40.206
. 900 IN A 220.127.116.11
. 900 IN A 18.104.22.168
. 900 IN A 22.214.171.124
There you see their IP addresses. You can talk to them like this
C:> $ telnet 126.96.36.199 smtp
C:> Trying 188.8.131.52...
C:> Connected to gateway-r.comcast.net
C:> Escape character is '^]'.
C:> 220 rwcrmxc18.comcast.net
- Maillennium ESMTP/MULTIBOX rwcrmxc18 #337
C:> helo dsl.keithdiane.us
C:> 250 rwcrmxc18.comcast.net
C:> mail from: kwright(a)keithdiane.us
C:> 501 need MAIL FROM:<name@domain>
C:> MAIL FROM: <kwright(a)keithdiane.us>
C:> 250 ok
C:> RCPT TO: <andystewart(a)comcast.net>
C:> 250 ok
C:> 354 ok
C:> This is just kwright goofing on you.
C:> Read your WLUG messages I will explain.
C:> 250 ok . id=20060425052454r1800cg1fje [f]
C:> 221 rwcrmxc18.comcast.net
C:> Connection closed by foreign host.
It seemed to work, and I am typing this on a machine behind an
NAT translation firewall (other kinds should be transparent).
This is not my mail server, but it seemed to work.
Only Andy can say whether they accepted the message and
then trashed it in flagrant violation of RFC-2821, which tells
how to do such things. They are more tight-assed than most
about using the proper case, and I have never seen one that
required the <brackets.com> around the address.
- - Is it normal for the mail server to be behind the
firewall? I thought perhaps it would be either exposed to
the net or on the DMZ.
If you have only one IP addresses, it seems that
either your mail server must _be_ the firewall,
or be behind it. I don't think it's crazy, but
the only way to find out how "normal" it is would
be to break it and see if the people who complain
I am wondering if there is some misconfiguration or
perhaps a different configuration that could be used to
alleviate this problem.
I am not convinced the problem has been exactly
described, although your town employee seems to know
a lot more than I do about it. You may be standing
in the middle of a pissing contest. If a customer
and a local authority work together you might get
comcast's leg quite wet.
I have no expertise running a mail server and thought
somebody on this list might be able to help.
I hope you have learned your lesson about expecting
help from people with expertise. That reminds me of
a short FAQ that appeared in the Managment School
Q: What are those strange creatures in the hall?
At first, I took them for apes, but they all wear
A: Those are not apes, those are PhD candidates.
The hair, grunting, and hunched gait become
more pronounced just before Qualifying Exams.
Rather than run from them, you will find that
you can speak to them, if you ask questions about
your homework. The answers can be helpful if
you can keep them focused on your problem.
If the answer begins "In equilibrium..." you
know you have asked the wrong one.